Google's Virus Warning is NOT a Scam, But, Look Out for Future Postings, They May Be Look-alike Scams
We received a Google Blog posting from Damian Menscher, a security engineer at Google, describing how he identified that infected computers were sending search traffic through proxies to the search engine. When you do a search, it sends you to a Google proxy IP then, just before doing the search, changes the search string and shows malware pay per click sites in a very "professional looking" graphics to trick you to think that you are going to legitimate sites.
Mr. Menscher explains the following "As we work to protect our users and their information, we sometimes discover unusual patterns of activity. Recently, we found some unusual search traffic while performing routine maintenance on one of our data centers. After collaborating with security engineers at several companies that were sending this modified traffic, we determined that the computers exhibiting this behavior were infected with a particular strain of malicious software, or "malware."
Google added that "As a result of this discovery, today some people will see a prominent notification at the top of their Google web search results. We hope that by taking steps to notify users whose traffic is coming through these proxies, we can help them update their antivirus software and remove the infections"
This is a Google's first. They had never done this type of notification before. The notification will ONLY show at the top of the main Google page and it will be a page wide window with a black bar at the top. A similar black bar was seen when Google was testing to launch their Google+ service recently. The body of the window is in yellow and it will read in black letters:
"Your computer appears to be infected.
It appears that your computer is infected with software that intercepts your connection to Google and other sites. Learn how to fix this [Link]"
This message is for real. More than two million computers have been infected worldwide so far. If your receive the message, Google has detected that your PC is infected with a malware that appears to have gotten onto users' computers from one of approximately a hundred variants of a fake antivirus, or "fake AV" software that has been in circulation for some time. This time, one of the variants uses the Google service to scam users, therefore prompting Google to step in. When users click on the "Learn how to fix this" link, they are taken to a real Google page that will help users to get rid of the AV virus.
Up to now everything is running smoothly, but, now comes the catch, we know that scammers will design or copy the warning window that Goggle has been running since July 21, 2011 and that in the "Learn how to fix this" link in the fake window they will send users to an scam malware page. We can expect that Google will make sure that no one will be able to insert a fake message to replace the real one that they are posting in good faith, but no one can prevent hackers to insert a fake look alike window, with a malicious link, somewhere else, including a full fake Google main page.
Users must be alert that when they connect with the Google main page the address bar will show the proper address such as http://www.google.com/. There will be variants because Google routes users according to their detected geographical location. Make sure you have your anti virus software up to date and that is running in real time mode and be aware that Google will post this warning message ONLY at the top of their main page. If it shows somewhere else, it is a scam, no matter how real it may look.